BT and KPMG: Businesses in an "arms race" with pro cybercriminals

A new report by BT and the audit firm KPMG has revealed that businesses worldwide have found themselves in an “arms race” with criminals over the possible threat of cyber attacks.

According to the report titled, Taking the Offensive – Working Together to Disrupt Digital Crime, only a fifth of IT bosses working at major corporations are confident that their organisation is fully prepared to deal with cyber attacks. However, the report also brought to light the fact that 97 per cent of the report's respondents had experienced some kind of cyber attack.

Mark Hughes, BT Security's CEO added his thoughts on the arms race that has developed between businesses and cyber criminals, saying: “The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft. The 21st-century cyber criminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market."

"With cyber-crime continuing to escalate, a new approach to digital risk is needed - and that means putting yourself in the shoes of attackers. Businesses need to not only defend against cyber attacks, but also disrupt the criminal organisations that launch those attacks. They should certainly work closer with law enforcement as well as partners in the cyber security marketplace."

Lack of strategy versus cyber attacks

BT and KPMG's report also highlighted the fact that fewer than half of the IT bosses questioned said that they had a strategy in place designed to prevent criminals from gaining access to their organisations.

The report suggests that cyber security should no longer be considered as a defense exercise and that more companies should adopt the role of the “enabler” in order to become more secure against cyber attacks.

KPMG's UK head of cyber security, Paul Taylor expounded on this idea, saying: "It's time to think differently about cyber risk, ditching the talk of hackers and recognising that our businesses are being targeted by ruthless criminal entrepreneurs with business plans and extensive resources - intent on fraud, extortion or theft of hard-won intellectual property.

"Talking generically about cyber risk doesn't deliver insight. You need to think about credible attack scenarios against your business and consider how cyber security, fraud control and business resilience work together to prepare for, and deal with, those threats.”

"If that's done, then cyber security can become a mainstream corporate strategy as a vital component of doing business in the digital world."

Improved intelligence sharing and better cooperation with law enforcement is the best way to tackle cyber attacks, Darren Anstee, Chief Security Technologist at Arbor Networks, says.

“The skills shortage is a definite issue, the recent SANS 2016 Incident Response Survey showed that 65 per cent of respondents felt that the skills shortage was an impediment to incident response.”

“Businesses can take the fight to cyber-criminals with improved intelligence sharing and better co-operation with law enforcement. But pre-emptive attack is another thing entirely, as there are legal issues such as attacker infrastructure made up of compromised machines belonging to other organisations and individuals, and the route to those systems can be across multiple service provider networks.”